CompTIA CySA+ (CS0-002) — Question 224

An organization is performing a risk assessment to prioritize resources for mitigation and remediation based on impact. Which of the following metrics, in addition to the CVSS for each CVE, would best enable the organization to prioritize is efforts?

Answer options

• A. OS type
• B. OS or application versions
• C. Patch availability
• D. System architecture
• E. Mission criticality

Correct answer: E

Explanation

The correct answer, Mission criticality, helps determine which systems are essential for the organization's operations, thus guiding prioritization in mitigation efforts. The other options, while relevant to understanding the environment, do not directly influence the urgency or importance of addressing vulnerabilities based on their impact on critical business functions.